From: "lky" <lky77@sjtu.edu.cn>
To: "SELINUX" <SELinux@tycho.nsa.gov>
Subject: policy configuration problems
Date: Thu, 9 Oct 2003 00:47:22 +0800
Message-ID: <000e01c38dbb$d9841a60$5d38a8c0@lky>
Hi, I have installed 2.4-based SELinux on Redhat9.0 and I want to eliminate the denied messages now. But there are several problems with my policy configuration.
First, there are still several system processes running within the initrc_t domain. I have moved up the .te files for these programs from the policy/domains/program/unused directory before building the policy, and the pathnames for these programs in the .fc files are right as well. Below are the associated messages from the command "ps -e --context":
--------------------------------------------------------------------------------------------------------------------
PID CONTEXT COMMAND
925 system_u:system_r:initrc_t portmap
944 system_u:system_r:initrc_t rpc.statd
1054 system_u:system_r:initrc_t xinetd -stayalive -reuse -pidfile
1074 system_u:system_r:initrc_t sendmail: accepting connections
1083 system_u:system_r:initrc_t sendmail: Queue runner@01:00:00 f
1093 system_u:system_r:initrc_t gpm -t imps2 -m /dev/mouse
1103 system_u:system_r:initrc_t /usr/sbin/cannaserver -syslog -u
-------------------------------------------------------------------------------------------------------------------
The second problem is that I used the "newrule.pl -d" command to automatically generate the allow rules. But there is no effect after I append the rules in the associated .te files and run the command "make load". The same denied messages are still there.
Thanks a lot!